Both Lenovo and Microsoft have taken action to remove from Windows the root certificate installed by the heavily criticized Superfish application, which is used to generate a certificate for every web page served over an HTTPS connection.
Critics are not targeting the Superfish app mainly because of its man-in-the-middle function, but because the add-on uses the same RSA private key and root certificate on every system.
Removing Superfish Doesn’t Limit the Risk for the System
The private key of the certificate can be easily extracted and decrypted, which would allow cyber criminals to run man-in-the-middle campaigns over compromised Wi-Fi networks. This way the attackers can intercept and decrypt the encrypted client-to-server communication while the victim remains unaware.
The Superfish app can be uninstalled from the system easily, yet the root certificate “survives” in Windows and the risk remains. The only way to eliminate the threat entirely is to remove the certificate as well.
Superfish Is Compatible with Multiple Web Browsers
The main purpose of the add-on is to inject advertisements into the web pages the user visits, presenting alternative shopping results for products the user has searched for, based only on the image of the item.
Although the application code itself is not malicious, it includes a transparent man-in-the-middle service based on the SSL Digestor engine, which generates root CA certificates and private keys that are not unique.
There are other programs like Qustodio and Keep My Family Secure, which rely on Komodia’s SDK and intercept traffic just like Superfish does.
How Is Superfish Delivered?
There are multiple distribution techniques that can be used to deliver Superfish. One of the most used methods is to push the application during the installation of another piece of software. But the one technique that experts found rather aggravating was the inclusion of the add-on in Lenovo consumer notebooks.
Lenovo and Microsoft Fixing the Issue
In response to the problem, Microsoft released a signature for Windows Defender and Security Essentials that not only removes the application but also deletes the root certificate from the OS store.
Both AV tools are built into Windows Vista 8.1 and free of charge. Their purpose is to protect the operating system in case the machine lacks a third-party security solution.
If the user browses the Web with Mozilla Firefox, the Superfish certificate is also injected into the browser’s own certificate store and needs to be removed from there, too; in that case the removal technique Microsoft provides will not work.
Luckily, Lenovo has fixed that particular problem by creating and publishing an automated removal tool that can delete the Superfish root certificate from the Thunderbird and Firefox certificate stores.
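For administrators who want to verify the Windows side of this cleanup themselves, the following PowerShell script is an added example (not code from the article, Lenovo or Microsoft): it audits the machine-wide and per-user Trusted Root stores for a certificate whose subject names Superfish, reports whether the matching private key is present on the machine, and removes the certificate only when asked to. Matching on the subject string “Superfish” is an assumption; the article gives no thumbprint, so none is hard-coded.

```powershell
# Added example: audit (and optionally remove) a Superfish root certificate
# from the Windows certificate stores. Subject-string matching is an assumption.
param(
    [switch]$Remove   # without this switch the script only reports
)

# Both stores are checked because, as the article notes, the root certificate
# survives uninstalling the application itself.
$stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')

$findings = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -match 'Superfish' } |
        ForEach-Object {
            [pscustomobject]@{
                Store         = $store
                Subject       = $_.Subject
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
                # A trusted root whose private key is present locally is the
                # serious case: it is what lets the interception proxy work.
                HasPrivateKey = $_.HasPrivateKey
                Path          = $_.PSPath
            }
        }
}

if (-not $findings) {
    Write-Output 'No Superfish root certificate found in the Windows root stores.'
    return
}

$findings | Format-Table Store, Subject, Thumbprint, NotAfter, HasPrivateKey -AutoSize

if ($Remove) {
    foreach ($f in $findings) {
        # Remove-Item on a certificate provider path deletes it from that store.
        Remove-Item -Path $f.Path -Force
        Write-Output "Removed $($f.Thumbprint) from $($f.Store)"
    }
} else {
    Write-Output 'Re-run with -Remove to delete the certificate(s) listed above.'
}
```

Removing from Cert:\LocalMachine\Root requires an elevated session; the script does not touch the separate Firefox and Thunderbird stores the article describes, which still need Lenovo’s tool or manual removal.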